- EPSS 1.49%
- Veröffentlicht 18.07.2008 16:41:00
- Zuletzt bearbeitet 16.06.2026 22:55:24
Unspecified vulnerability in phpBB before 3.0.1 has unknown impact and attack vectors related to "urls gone through redirect() being used within login_box()."
- EPSS 1.49%
- Veröffentlicht 12.04.2008 20:05:00
- Zuletzt bearbeitet 16.06.2026 22:52:26
Multiple unspecified vulnerabilities in phpBB before 3.0.1 have unknown impact and attack vectors, related to "two minor security-related bugs."
CVE-2008-0471
- EPSS 0.63%
- Veröffentlicht 29.01.2008 20:00:00
- Zuletzt bearbeitet 16.06.2026 22:49:42
Cross-site request forgery (CSRF) vulnerability in privmsg.php in phpBB 2.0.22 allows remote attackers to delete private messages (PM) as arbitrary users via a deleteall action.
CVE-2007-5688
- EPSS 1%
- Veröffentlicht 29.10.2007 19:46:00
- Zuletzt bearbeitet 16.06.2026 22:46:38
Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums (aka Multi Host Forum Pro) module 1.3.3, for phpBB and Invision Power Board (IPB or IP.Board), allow remote attackers to execute arbitrary SQL commands via the (1) go and (2)...
CVE-2007-5173
- EPSS 2.8%
- Veröffentlicht 03.10.2007 14:17:00
- Zuletzt bearbeitet 16.06.2026 22:45:35
PHP remote file inclusion vulnerability in includes/openid/Auth/OpenID/BBStore.php in phpBB Openid 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the openid_root_path parameter.
CVE-2007-4653
- EPSS 1.01%
- Veröffentlicht 04.09.2007 22:17:00
- Zuletzt bearbeitet 16.06.2026 22:44:30
SQL injection vulnerability in links.php in the Links MOD 1.2.2 and earlier for phpBB 2.0.22 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter in a search action.
CVE-2006-7168
- EPSS 7.26%
- Veröffentlicht 20.03.2007 10:19:00
- Zuletzt bearbeitet 16.06.2026 22:34:30
PHP remote file inclusion vulnerability in includes/not_mem.php in the Add Name module for PHP allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
- EPSS 1.28%
- Veröffentlicht 08.02.2007 17:28:00
- Zuletzt bearbeitet 16.06.2026 22:24:35
phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist...
CVE-2006-5191
- EPSS 3.14%
- Veröffentlicht 10.10.2006 04:06:00
- Zuletzt bearbeitet 16.06.2026 22:30:41
PHP remote file inclusion vulnerability in includes/functions_static_topics.php in the Nivisec Static Topics module for phpBB 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2003-1530
- EPSS 1.06%
- Veröffentlicht 31.12.2003 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:04:36
SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the mark[] parameter.